Lucene search

K
cve[email protected]CVE-2006-0844
HistoryFeb 22, 2006 - 2:02 a.m.

CVE-2006-0844

2006-02-2202:02:00
web.nvd.nist.gov
16
cve-2006-0844
authentication bypass
cookie
leif m. wright's blog 3.5
nvd

6.8 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.9%

Leif M. Wright’s Blog 3.5 does not make a password comparison when authenticating an administrator via a cookie, which allows remote attackers to bypass login authentication, probably by setting the blogAdmin cookie.

Affected configurations

NVD
Node
leif_m._wrightweb_blogMatch3.5

6.8 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.9%